CVE-2009-0591: OpenSSL Signed Attributes Security Bypass

First of all this issue affects OpenSSL from 0.9.8h up to 0.9.8j release. Here I’ll be using 0.9.8j to describe the vulnerability. This bug was disclosed on 25 March 2009 and it was reported by Ivan Nestlerode of IBM. The buggy routine is under crypto/cms/cms_smime.c. You only have to worry if you’re using a CMS (Cryptographic Message Syntax) enabled OpenSSL library. Here is the function:

Clearly there are many ways to make this function return -1 since conditions at lines 884, 892, 901 and 907 are directly calling err label without setting the value of r variable to 0. This means that the check at line 428 of CMS_verify() can be bypassed if any of the those conditions is reached and r has value of -1. The patch for this bug was this: